Introduction: Cracking/Hacking Windows Passwords (UPDATED: VISTA Too!!)

Instructional/Educational Purposes only.
Be nice kids.


First of all, and I have to say this because of some recent comments: this is not a virus, and it will not delete any files from your computer. In fact, ophcrack, the software we're gonna use, is a very popular password cracker. Google it or look it up on Wikipedia if you don't believe me.

This works for WINDOWS ONLY
UPDATE: WORKS FOR XP AND VISTA

This will crack all Windows passwords of up to 14 characters on a computer.
You need physical access to the computer.
You don't need to be logged in (that's what this is for).
It will show you all the user names and passwords on the computer.

Step 1: Get the Resource

1. Go here:
http://ophcrack.sourceforge.net/download.php

2. Download the latest version of the ophcrack LiveCD. To crack passwords on an XP computer select 'ophcrack XP LiveCD'; to crack passwords on a Vista computer select 'ophcrack VISTA LiveCD'.

3. The file you download is a CD image (.iso format). Open it on a computer with a CD writer and CD-writing software (e.g. Nero, Roxio, Record Now, or whatever you have) and burn it as a disc image, not as an ordinary data file, otherwise the disc will not boot.
So, make the CD.

Step 2: Crack

1. Make sure the computer you intend to crack is off.

2. Turn it on and immediately insert the CD you just created.

3. By this time, Windows might already have started loading. If so, turn the computer off by holding down the power button, then turn it on again. What you want is to boot from the CD. This can be done in two ways:
a. Often pressing one of the function keys (depending on the manufacturer) takes you into the BIOS setup (the first splash screen that pops up when you turn on your computer should tell you which one: often F2, F11 or F12). There, look around until you find where you can change the boot order (this differs from company to company depending on your computer brand). Change the boot order so the computer boots from CD first and from the hard disk second.
b. There is often another function key (again depending on the manufacturer) which takes you into the boot selection menu, where you can choose what to boot from. Select boot from CD.

4. Watch as the CD loads. It boots a temporary Linux system into RAM, dumps all the user names into a box and starts processing. This software can only crack passwords of up to 14 characters. It recovers each password as two blocks of 7 characters each, and then shows you the whole password as the combination of those two under the column labelled 'net password'.

5. Voilà! In about 5-10 minutes you have all the user names and passwords on that computer.
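An added example, not part of the Instructable or of ophcrack, showing why step 4 sees two 7-character blocks: Windows derives the LM hash from the upper-cased, null-padded password split into two 7-byte halves, so an administrator can tell from password length alone whether an account is exposed to this attack. The ASCII-only handling and the 69-symbol LM alphabet estimate are my assumptions.

```python
# Added example (not from the original Instructable or ophcrack): the LM
# pre-processing that makes the two-halves attack possible, used here to audit
# a password against it. Assumptions: ASCII-only input (real LM uses the OEM
# code page) and a 69-symbol estimate for the upper-cased printable alphabet.

LM_MAX_LEN = 14          # an LM hash is only stored for passwords of <= 14 characters
LM_HALF_LEN = 7          # each DES key is built from one 7-byte half
# LM upper-cases the password first, so a-z collapse onto A-Z:
# 95 printable ASCII symbols become 69 distinct symbols per position.
LM_ALPHABET_SIZE = 95 - 26


def lm_halves(password: str):
    """Return the two 7-byte blocks LM feeds to DES, or None if no LM hash is stored.

    Windows stores no LM hash when the password is longer than 14 characters
    (and Vista and later disable LM storage by default), so long passwords
    remove this weakness entirely.
    """
    if len(password) > LM_MAX_LEN:
        return None
    padded = password.upper().encode("ascii", "replace").ljust(LM_MAX_LEN, b"\x00")
    return padded[:LM_HALF_LEN], padded[LM_HALF_LEN:]


def lm_exposure(password: str) -> dict:
    """Summarise how much the LM split helps an offline cracker for this password."""
    halves = lm_halves(password)
    if halves is None:
        return {"lm_stored": False, "empty_second_half": False, "split_speedup": 0}
    first, second = halves
    # A password of 7 or fewer characters leaves the second half all-null; its
    # DES output is a fixed, well-known value, so the cracker learns the length for free.
    empty_second = second == b"\x00" * LM_HALF_LEN
    # Worst-case guesses: two independent 7-symbol searches (what ophcrack does)
    # versus one 14-symbol search of the same alphabet.
    with_split = 2 * LM_ALPHABET_SIZE ** LM_HALF_LEN
    without_split = LM_ALPHABET_SIZE ** LM_MAX_LEN
    return {
        "lm_stored": True,
        "halves": (first, second),
        "empty_second_half": empty_second,
        "split_speedup": without_split // with_split,  # how many times cheaper
    }


if __name__ == "__main__":
    # Constructed sample passwords: short, medium, and one too long for LM.
    for pw in ["Secret7", "Passw0rd!", "correct horse battery staple"]:
        print(pw, lm_exposure(pw))
```

Accounts whose `lm_exposure` reports `lm_stored` as True are the ones a LiveCD like this can recover quickly; requiring more than 14 characters or setting the NoLMHash policy removes the LM hash altogether.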

Comments

SaraM6, 2016-02-20

I have completed everything, but it says that the password could not be found. Any suggestions as to what to do next?

Dr9, 2015-07-12

I have a youtube channel dedicated to this kind of thing guys.

Here is my tutorial video using a similar process to above. https://www.youtube.com/watch?v=YgTHcRumqqU

zareao, 2014-09-27

Well, I don't think cracking is a good idea, maybe you can recover the Windows Vista password which can keep important data in your computer. I suggest you use some Windows password recovery tool, there are many and you can search for them on Google.

amitswarupkumarrai, 2014-09-16

good information for mine
http://quizexpo.com http://naukriexpo.com

requirehelp, 2013-09-16

After launching the CD it comes to a screen that says "Welcome to open source SliTaz boot time: 12 s. Run: 'ophcrack -launcher.sh dialog' to search again for tables. tux@slitaz:~$" I'm assuming it is waiting for a command. I have a Vista HP laptop and made sure I downloaded the live CD for Vista. Can anyone help?

lachate, 2014-04-28

When I lost my Windows password, I tried to find a program from Google, finally used a tool to crack the Windows 7 login password, and it seems to support all the Windows OS. I got this smart Windows key from the CNET website: Windows password recovery

hellokey10, 2014-04-28

Actually to crack or hack Windows password, I use the SmartKey Windows Password Recovery, it is nice and wonderful! It works like a charm! You can Google it!

davidrobinson2018, 2013-08-29

"kernel panic – not syncing: Attemped to kill the idle task" – this is what I got on the screen after selecting a mode with Ophcrack.. I downloaded the file twice and burned it twice.. got the same message.. Eventually I purchased the paid software Password Recovery Bundle and it works! Thanks anyway!

Dashadower, 2012-06-17

Use Daemon Tools for CD-making software.

AndiLea91, 2011-03-26

Ok so I put the boot up menu in the right order, I went into the BIOS setup and changed the boot sequence to "CD/DVD/CD-RW Drive" then "Internal HDD" and I hit Esc, and then it went through the black Linux screen and scrolled down and then went to this white screen that says "ophcrack Live CD" with 4 characters to the side and options to the right, asking for "ophcrack Graphic mode - automati, manual. low ram, and text mode." It started automatically in auto mode and then went to this black screen again and loaded a bunch of dots.

After that it went to this next screen that was all brown and had a large OS in the corner and ophcrack LiveCD along the top and this black box menu that stated "tables found (mntsr0tablesvista_free)", and "list of windows partitions containing hashes (0. mnt/s da2/windows/system32/config)(1. /mnt/s da3/windows/system32/config)", and then "select the partition to crack::" ...What did I do wrong or what am I supposed to do... I have a Dell Studio with Windows Vista, please help.

Splicer02, 2011-01-28

Why is this under "Props"?

shortman, 2008-05-08

I have tried about 7 of these Instructables to go around or reset the admin password and NONE OF THEM work.

jcksparr0w, 2010-04-12

I've tried at least 15 of them already and it's just like you. NONE OF THEM WORK!!!!

Muscelz, 2009-02-02

try this program called password-nuker, it resets your SAM file on boot

kerpaul, 2008-06-18

Try my Instructable. You don't need any software, just an account on the computer or the computer's network. https://www.instructables.com/id/how-to-change-windows-passwords-without-logging-on/

Boom-Man, 2008-09-16

I read your Instructable. First of all the account needs to be an administrator, also it does not work for Vista. I don't really like it (no offence to you whatsoever).

kerpaul, 2008-09-16

Boom-Man, the account does NOT need to be an administrator (at least not on the computers I've tried, I have no clue where you've tried). I never said it would work for Vista, it says WINDOWS XP in there, just read it carefully. I really don't care that much whether you like it or not, any feedback is good feedback.

damasta, 2008-05-24

Try harder, but you're right, most of them only work when you're already admin... This will work (if boot CD isn't locked down in the BIOS). Mine will work too. I haven't seen other methods on here.

ian bernal, 2010-01-20

Hello! Nice to have this tool, do you know if it works on Windows 7?

nightangle, 2010-02-22

No, I do not know anything about hacking.

shortman, 2008-05-08

AVG says this is an unwanted risky file. It did not load to CD but installed on download computer. This is a bad file to try to use.

A.C.E., 2009-06-17

And you must have downloaded the executable file. If you want to burn it to a disc you need the ISO.

spartan 2209, 2009-10-10

Hello again A.C.E. lol.

Lance Mt., 2010-02-12

Hello again spartan 2209....

I'm sorry, I actually have no idea who you are..

Everyone was doing it.

spartan 2209, 2010-02-19

Haha funny thing is I've seen you on other instructables many times :P

Lance Mt., 2010-02-20

Yeah I get that =D

I like this community

HardCoreHacker, 2009-10-31

Of course it says it's risky! It's a password cracker, stupid.

NetDex, 2009-12-03

Technically, every anti-virus scanner I use says something like this, "Warning! Virus PSW.PSWdump has been found" or something like that.

NetDex, 2009-12-03

It goes like this, PSW.PSWDump.at (Unclassified Threat)

gamerguy13, 2009-10-30

How do you get the Windows Vista startup to look like that?

spartan 2209, 2009-10-10

Wow, are you forgetting the TINY detail that you have to be an administrator to download and install. Good try though.

blacjack1, 2009-10-02

I had my doubts as to whether this would actually work, but my first comment turned around and bit me in the arse and I was totally amazed that it worked, but seriously it went to my head a little bit and I kinda went crazy (me and a friend) at school with this. Found the Head Admin's PW, all head teachers' PW, everyone's, pretty cool if you ask me.

Muscelz, 2008-09-19

RAINBOW FILES PEOPLE!!!!! RAINBOW FILES!!!!
look em up, make em, USE EM!!! u can crack a 14 number and letter password in aprox 2mins max

He he he he, i got 125gig of tables, i can crack nt lm passwords number/letter/symbol at a 96% hit rate :) **evil laugh** ok very serious

here are some helpful things to follow
LOOK UP
LEARN
LOOK UP SUM MORE JUST TO BE SURE
LEARN WHAT YOU NEED TO
AND USE UR KNOWLEDGE IT CAN GET YOU PLACES!!!! money tooo

Scorpio_ctza, 2008-11-21

If I have used pwdump to get a list of usernames and passwords, how do I crack the hashes?

Muscelz, 2009-05-09

1st step: learn about rainbow files, learn what your variables could be, or your possible variables could be
2nd: make rainbow files
3rd: download Cain & Abel or another program that's similar, and be on your way
4th step: if you're lazy and don't care about time, use a bruteforcer

IM SERIOUSLY NOT GOING TO EXPLAIN TO YOU HOW IT WORKS!!!! WASTING MY TIME!!! ITS SIMPLE! USE WIKIPEDIA OR WHAT EVER!!!!!!!!!!!!!!!!! etc

The Miracle Man, 2009-09-29

"2nd make rainbow files" Have you ever created rainbow tables? Do you know how CPU intensive and time consuming this is? Especially if you need a full character set table generated. Not to mention if you need more than 8 characters. You'll need 100 GPUs running about 2 years to generate a highly successful and reliable rainbow table.

knex_mepalm, 2009-08-08

Useless, my computer file is 100 letters randomly typed and now remembered by me, I remember the whole thing!!!! You can't crack that in less than 10 hours I bet.

Muscelz, 2009-08-15

I know how to generate new SAM files. If cracking doesn't work, I'll just replace the SAM file, leaving no passwords.

knex_mepalm, 2009-08-15

I did a 512-bit encryption and I made it so it is impossible to delete unless you fry the CPU or something.

Muscelz, 2009-08-16

Haha nah it doesn't work that way, the SAM file contains info about the PC including specs, keys, passwords etc etc. As long as I've got the CD key I can replace the SAM file. Just gotta detect specs, enter the product key and it's ready to go. LM and NTLM encryptions don't faze me anymore.

knex_mepalm, 2009-08-18

I put it into an encryption folder.

Muscelz, 2009-08-18

My 3.3GHz i7 975 can smash that 512-bit encryption within a month.
I can crack: (in real time mode)
Rijndael 128-256
Triple DES 128
DES 56
Blowfish 128
PK v2.04g

And you can delete it, an encrypted file can be deleted. It just means it can't be read without being decrypted. From my perspective you don't know what you're talking about.
AES 128-256

knex_mepalm, 2009-08-19

Oops I typed it wrong, I put it in a folder which has a password on it, and if you want to delete it you need to crack the password, but if you wanna read it you gotta crack another one.

Muscelz, 2009-08-20

Ha it doesn't work like that, all you gotta do is stop that process that's running that's "protecting" that file. Once the process has been ended the file is open for deletion. Or if that doesn't work, which it will (100%), just pop in my Debian flash drive and delete that sucker... No way you can stop me from deleting anything or cracking it unless I don't have the algorithm or I can't identify the encryption type.

The Miracle Man, 2009-09-29

What if the BIOS is password protected and doesn't allow booting from external media (of course there are ways around that)? On top of that, what if the entire hard drive is encrypted, with say... TrueCrypt? Combine those two with the encryption on the folders, and I hate to say it, but the likelihood you'll succeed in our lifetime is about .001%.

The Miracle Man, 2009-09-29

The deletion I'll agree with you, but would need to be done in offline mode, or with system/root level permissions. As for your comment on cracking, apparently you forgot to mention there can be no time constraints. I'll give you the benefit of the doubt, you can crack anything, but the cracking process may not finish in this century.

knex_mepalm, 2009-08-20

Hmmmmm. That gives me an idea, say, are you good at cracking?

Muscelz, 2009-08-21

Yes of course I can, and I'm not decrypting for the hell of it.

Muscelz, 2009-08-18

Oops, AES 128-256 was meant to be under PK v2-04g.

The Miracle Man, 2009-09-29

What's the character set on your NTLM tables? Character length? Does it support Unicode? If I use a 128 character length password, your 10 character length limited NTLM rainbow table will NOT crack that. If you attempt brute force, your computer will give out before you ever get it cracked.